Vulnerability Name: CVE-2018-1111 (CCN-143382)
Assigned: 2017-12-04
Published: 2018-05-15
Updated: 2023-02-12
Summary: DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
CVSS v3 Severity:
  7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
  7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
  7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
  7.0 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
CVSS v2 Severity:
  7.9 High (CVSS v2 Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C)
Vulnerability Type: CWE-77
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2018-1111
  Source: CCN Type: IBM Security Bulletin 0715803 (PowerKVM) A vulnerability in DHCP affects PowerKVM
  Source: CCN Type: BID-104195 DHCP CVE-2018-1111 Command Injection Vulnerability
  Source: secalert@redhat.com Type: Third Party Advisory, VDB Entry secalert@redhat.com
  Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com
  Source: CCN Type: Red Hat Bugzilla Bug 1567974 (CVE-2018-1111) CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script
  Source: secalert@redhat.com Type: Issue Tracking, Vendor Advisory secalert@redhat.com
  Source: XF Type: UNKNOWN redhat-dhcp-cve20181111-command-exec(143382)
  Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com
  Source: CCN Type: Packet Storm Security [05-18-2018] DynoRoot DHCP Command Injection
  Source: CCN Type: Packet Storm Security [06-12-2018] DHCP Client Command Injection (DynoRoot)
  Source: CCN Type: Packet Storm Security [09-06-2018] NetworkManager Daemon Command Execution
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [05-18-2018]
  Source: secalert@redhat.com Type: Exploit, VDB Entry, Third Party Advisory secalert@redhat.com
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [06-13-2018]
  Source: secalert@redhat.com Type: Exploit, Third Party Advisory, VDB Entry secalert@redhat.com
  Source: CCN Type: IBM Security Bulletin 882400 (DS8800) Security vulnerabilities have been identified in IBM Java Runtime and the microcode shipped with the DS8000 Hardware Management Console (HMC)
Vulnerable Configuration:
  Configuration RedHat 1:
  Configuration CCN 1: